VMware Workstation: 4 High CVE Score Vulnerabilities

They were disclosed various vulnerabilities security flaws in VMware Workstation and Fusion products that could be exploited by cybercriminals to access sensitive information, trigger a denial of service (DoS) condition and execute code under certain circumstances.

It should be noted that in the past, Vmware had other types of problems over time, but which were promptly resolved, now the flaws concern precisely VMWare Workstation, not “all” VMware itself.

What are the 4 flaws in VMware Workstation

The four vulnerabilities affect VMware Workstation versions 17.x and Fusion versions 13.x, with fixes available in versions 17.5.2 and 13.5.2, respectively. the Broadcom-owned virtualization services provider said.

A brief description of each of the vulnerabilities is as follows:

• CVE-2024-22267 (CVSS score: 9.3) – A use-after-release vulnerability in the Bluetooth device that could be exploited by a cybercriminal with classic system administrator privileges on local accounts, as well as on a virtual machine to run code as the virtual machine’s VMX process running on the host.

• CVE-2024-22268 (CVSS score: 7.1) – A heap buffer-overflow vulnerability in the Shader functionality of VMware Workstation that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to create a DoS condition.

• CVE-2024-22269 (CVSS score: 7.1) – An information disclosure vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hyper-viewer memory from a virtual machine.

• CVE-2024-22270 (CVSS score: 7.1) – An information disclosure vulnerability in the Host Guest File Sharing (HGFS) feature that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hyper-viewer (Hyper-V) memory from a virtual machine.

What solutions have been proposed to fix, at least temporarily, the flaws in VMware Workstation

As temporary solutions until fixes can be implemented, users are advised to turn off Bluetooth support on the virtual machine e disable the 3D acceleration feature. There are no mitigations that address CVE-2024-22270 other than updating to the latest version.

Interestingly, CVE-2024-22267, CVE-2024-22269, and CVE-2024-22270 have been originally demonstrated by STAR Labs SG and Theori in the Pwn2Own hacking contest held in Vancouver last March.

The notice comes more than two months after the company has released fixes to address four security vulnerabilities affecting ESXiWorkstation and Fusion, including two critical flaws (CVE-2024-22252 and CVE-2024-22253, CVSS scores: 9.3/8.4) which could lead to the execution of malicious code (a classic “injection” attack, so to speak).

And disable virtualization from BIOS?

As one might object, it is necessary to point out that virtualization it is possible to disable it directly from the machine’s BIOS, without going through the operating system.

However these applications work thanks to the virtualization that starts from the motherboard, consequently disabling virtualization from BIOS simply won’t make Workstation and co. work.

It is necessary to make this premise, because someone could try to “get their hands” on the BIOS thinking of solving these problems, and then complain that “things are not working”; Certainly VMware Workstation (and not only), absolutely cannot work if virtualization is not activated, there is little to do.

Conclusion

In conclusion, the recent vulnerabilities revealed in the VMware Workstation and Fusion products highlight the constant need for vigilance and updates in the field of cybersecurity. While temporary fixes have been proposed to mitigate the risks, such as turning off Bluetooth support and disabling 3D acceleration, Updating to the correct versions remains the best practice for ensuring the security of virtual systems.

Furthermore, it is important to underline that virtualization is a fundamental element for the functioning of these applications and disabling it directly from the BIOS could compromise the entire system; therefore, It is essential to fully understand the implications of the actions taken to resolve the vulnerabilities and ensure that you take the recommended corrective measures without compromising the integrity and functioning of the software.